Recent IT industry trends has seen a greater use of co-location datacenters to supplant/augment client IT computer infrastructure. This has resulted in an increase in the types of people who need access to areas containing such computers in order to provide on-site service support (i.e., a variety of suppliers, contractors, etc.). Consequently, the increased access has concurrently created a heightened need for system hardware security to minimizing potential tampering events. Some computer systems employ a locked door approach, whereby the emergency power off switch is maintained behind the locked door. However, this creates a problem because, in an emergency, such computer systems cannot be shut off using the switch unless/until, an appropriate person unlocks the door.
To avoid the foregoing problem, some computer systems leave the emergency power off switch and a tag or label containing certain system identification information exposed and accessible, irrespective of whether there is a door that can be locked to prevent access to the remainder of the computer equipment. However, computer systems with a universal emergency power off (UEPO) that is exposed when their enclosure is closed and locked are susceptible to the UEPO switch being switched when the system is running, either inadvertently, or intentionally.
To prevent inadvertent switching of the UEPO switch, many computer systems include a door or cover over the switch that must be slid or flipped out of the way in order to be able to move the UEPO switch. However, such an approach does noting to prevent intentional tampering with the switch.
Intentional tampering with an exposed UEPO switch (i.e., switching it off while the system is running) creates a significant problem because it would effectively interrupt system operation in the equivalent of an “unscheduled incident repair action” (UIRA). A UIRA is a hardware event that causes a system to be rebooted in full or degraded mode. It is typically caused by a non-recoverable failure in a critical hardware function which results in the need to bring a customer's system down for repair at an unscheduled time and is perhaps the single most important Reliability, Availability and Serviceability (RAS) characteristic.
Moreover, since that type of intentional tampering with the UEPO switch would be “transparent” in that it would normally appear to be a legitimate UIRA, it would likely be treated as such, resulting in a time consuming, wasteful, and fruitless search for the cause of the failure.
Thus, there is a continuing problem with maintaining the security of an exposed UEPO switch of a computer system against tampering while allowing for legitimate access in an emergency.